Saturday, October 16, 2021

Millions of HP, Samsung, Xerox Printers Are Vulnerable to 16-Year-Old Bug

A 16-year-old security vulnerability in a driver used by millions of HP, Samsung, and Xerox printers allows attackers to gain admin rights on systems using the vulnerable driver software.

According to the researchers, some HP, Xerox, and Samsung printer models contained vulnerable driver software, sold worldwide since 2005. 

Tracked as CVE-2021-3438 (CVSS score: 8.8), the issue concerns a buffer overflow in a print driver installer package named “SSPORT.SYS” that can enable remote privilege and arbitrary code execution. Hundreds of millions of printers have been released worldwide to date with the vulnerable driver in question.

As the researchers discovered, the buggy driver automatically gets installed with the printer software and will be loaded by Windows after each system reboot.

“This makes the driver a perfect candidate to target since it will always be loaded on the machine even if there is no printer connected,” the researchers say. 

However, there is no evidence that the flaw was abused in real-world attacks.

Successful exploitation requires local user access which means that threat actors will need to first get a foothold on the targeted devices.

The vulnerable function in the driver accepts data without validating the size parameter, which theoretically allows attackers to overrun the driver's buffer.
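The missing size check described above, shown beside a bounds-checked version in a small user-mode model. This is an added illustration, not code from SSPORT.SYS or from the researchers; the buffer size, memory layout, and function names are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>

#define BUF_LEN 16   /* assumed size of the driver's fixed buffer */
#define ADJ_LEN 16   /* stands in for whatever memory follows it */
#define CANARY  0xAA

/* Constructed model of driver memory: the buffer, then adjacent state. */
struct drv_mem { unsigned char bytes[BUF_LEN + ADJ_LEN]; };

/* Flawed pattern: the caller-supplied length is used as the copy size.
 * The clamp to the model's total size exists only so this demo never
 * writes outside its own array; real kernel memory has no such backstop. */
static void handle_unchecked(struct drv_mem *m, const unsigned char *data, size_t len) {
    size_t n = len > sizeof m->bytes ? sizeof m->bytes : len;
    memcpy(m->bytes, data, n);
}

/* Hardened pattern: reject any request larger than the destination. */
static int handle_checked(struct drv_mem *m, const unsigned char *data, size_t len) {
    if (data == NULL || len > BUF_LEN) return -1;
    memcpy(m->bytes, data, len);
    return 0;
}

/* Run one handler on a constructed request of `len` bytes.
 * Returns 1 if the memory after the buffer is untouched, 0 if overwritten. */
int run_case(int checked, size_t len) {
    unsigned char input[BUF_LEN + ADJ_LEN];   /* constructed sample input */
    struct drv_mem m;
    if (len > sizeof input) len = sizeof input;
    memset(input, 'A', sizeof input);
    memset(m.bytes, 0, BUF_LEN);
    memset(m.bytes + BUF_LEN, CANARY, ADJ_LEN);
    if (checked) (void)handle_checked(&m, input, len);
    else         handle_unchecked(&m, input, len);
    for (size_t i = BUF_LEN; i < sizeof m.bytes; i++)
        if (m.bytes[i] != CANARY) return 0;
    return 1;
}

int main(void) {
    printf("unchecked,  8 bytes: adjacent intact = %d\n", run_case(0, 8));
    printf("unchecked, 24 bytes: adjacent intact = %d\n", run_case(0, 24));
    printf("checked,   24 bytes: adjacent intact = %d\n", run_case(1, 24));
    return 0;
}
```

The only difference between the two handlers is the comparison of the caller's length against the destination size before the copy.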

The issue was reported to HP by threat intelligence researchers from SentinelLabs on February 18, 2021, following which remedies have been published for the affected printers as of May 19, 2021.

Local attackers could escalate their privileges to a SYSTEM account and run code in kernel mode to perform actions including tampering with a target machine. However, SentinelLabs says it did not invest the time to find a way to weaponize the flaw on its own, and a successful exploit may need a chain of vulnerabilities.

Once attackers have that local foothold, they can abuse the security bug to escalate privileges in low-complexity attacks without requiring user interaction.

Update Your Drivers ASAP

In a security advisory, HP said impacted models include the HP LaserJet, Samsung CLP, Samsung MultiXpress, and Samsung Xpress series.

A list of affected printer models using the vulnerable driver can be found in HP’s security advisory and this Xerox security mini bulletin.

“Some Windows machines may already have this driver without even running a dedicated installation file, since this driver comes with Microsoft Windows via Windows Update,” the researchers added.

This is not the first time security flaws have been discovered in old software drivers. Earlier this May, SentinelOne revealed details about multiple critical privilege escalation vulnerabilities in Dell’s firmware update driver named “dbutil_2_3.sys” that went undisclosed for more than 12 years.

Priyanshu Vijayvargiya
Founder and Editor-in-Chief of 'Virtualattacks Inc', Priyanshu Vijayvargiya is a cybersecurity analyst, information security professional, developer, and white hat hacker.
